def Run(self, args):
  """Delete the requested SSH public key from the account's OS Login profile.

  See ssh_utils.BaseSSHCLICommand.Run.

  Args:
    args: Parsed command arguments; the key to remove is read from them with
      flags.GetKeyFromArgs.

  Returns:
    The result of OsloginClient.DeleteSshPublicKey for the matched key.

  Raises:
    client.OsloginKeyNotFoundError: The key is not among the profile's keys.
  """
  requested_key = flags.GetKeyFromArgs(args)
  api = client.OsloginClient(self.ReleaseTrack())
  # The profile to edit is selected by the configured core/account property.
  account = properties.VALUES.core.account.Get()
  profile_keys = oslogin_utils.GetKeyDictionaryFromProfile(account, api)
  match = oslogin_utils.FindKeyInKeyList(requested_key, profile_keys)
  # Deletion is addressed by fingerprint, so an unmatched key stops here
  # before any API mutation is attempted.
  if not match:
    raise client.OsloginKeyNotFoundError('Cannot find requested SSH key.')
  return api.DeleteSshPublicKey(account, match)
def Run(self, args):
  """Set a new expiry on an SSH public key already in the OS Login profile.

  See ssh_utils.BaseSSHCLICommand.Run.

  Args:
    args: Parsed command arguments; supplies the key (through
      flags.GetKeyFromArgs) and the `ttl` value for the new expiry.

  Returns:
    The result of OsloginClient.UpdateSshPublicKey for the matched key.

  Raises:
    client.OsloginKeyNotFoundError: The key is not among the profile's keys.
  """
  requested_key = flags.GetKeyFromArgs(args)
  api = client.OsloginClient(self.ReleaseTrack())
  # The profile owner comes from gaia.GetAuthenticatedGaiaEmail, called with
  # the client's own HTTP object, not from a local configuration property.
  account = gaia.GetAuthenticatedGaiaEmail(api.client.http)
  profile_keys = oslogin_utils.GetKeyDictionaryFromProfile(account, api)
  match = oslogin_utils.FindKeyInKeyList(requested_key, profile_keys)
  # The TTL is converted before the match check, as in the original order.
  new_expiry = oslogin_utils.ConvertTtlArgToExpiry(args.ttl)
  if not match:
    raise client.OsloginKeyNotFoundError(
        'Cannot find requested SSH key.')
  # Only 'expirationTimeUsec' is named for the update (presumably an update
  # mask -- confirm against OsloginClient.UpdateSshPublicKey).
  return api.UpdateSshPublicKey(
      account, match, profile_keys[match], 'expirationTimeUsec',
      expiration_time=new_expiry)
def Run(self, args):
  """Set a new expiry on an SSH public key already in the OS Login profile.

  See ssh_utils.BaseSSHCLICommand.Run.

  Args:
    args: Parsed command arguments; supplies the key (through
      flags.GetKeyFromArgs) and the `ttl` value for the new expiry.

  Returns:
    The result of OsloginClient.UpdateSshPublicKey for the matched key.

  Raises:
    client.OsloginKeyNotFoundError: The key is not among the profile's keys.
  """
  requested_key = flags.GetKeyFromArgs(args)
  api = client.OsloginClient(self.ReleaseTrack())
  # An impersonated service account, when configured, takes precedence over
  # the core account, so the edit lands on the impersonated profile.
  account = properties.VALUES.auth.impersonate_service_account.Get()
  if not account:
    account = properties.VALUES.core.account.Get()
  profile_keys = oslogin_utils.GetKeyDictionaryFromProfile(account, api)
  match = oslogin_utils.FindKeyInKeyList(requested_key, profile_keys)
  # The TTL is converted before the match check, as in the original order.
  new_expiry = oslogin_utils.ConvertTtlArgToExpiry(args.ttl)
  if not match:
    raise client.OsloginKeyNotFoundError(
        'Cannot find requested SSH key.')
  # Only 'expirationTimeUsec' is named for the update (presumably an update
  # mask -- confirm against OsloginClient.UpdateSshPublicKey).
  return api.UpdateSshPublicKey(
      account, match, profile_keys[match], 'expirationTimeUsec',
      expiration_time=new_expiry)
def CheckForOsloginAndGetUser(instance, project, requested_user, public_key,
                              release_track):
  """Decide whether OS Login applies and which username to connect as.

  The OS Login setting is read from the instance metadata first; the
  project's common instance metadata is consulted only when the instance
  lookup yields None. When OS Login is enabled and a client exists for the
  release track, the public key is imported into the account's OS Login
  profile unless it is already present.

  Args:
    instance: instance, The object representing the instance we are
      connecting to.
    project: project, The object representing the current project.
    requested_user: str, The default or requested username to connect as.
    public_key: str, The public key of the user connecting.
    release_track: release_track, The object representing the release track.

  Returns:
    tuple, A string containing the username to connect as and a boolean
    indicating whether OS Login is being used.
  """
  # Instance metadata has priority over project metadata.
  enabled = _MetadataHasOsloginEnable(instance.metadata)
  if enabled is None:
    enabled = _MetadataHasOsloginEnable(project.commonInstanceMetadata)
  if not enabled:
    return requested_user, False

  api = oslogin_client.OsloginClient(release_track)
  if not api:
    # No usable client for this release track: warn and keep the requested
    # user, reporting OS Login as not in use.
    log.warning(
        'OS Login is enabled on Instance/Project, but is not available '
        'in the {0} version of gcloud.'.format(release_track.id))
    return requested_user, False

  # The profile is selected by the configured core/account property.
  account = properties.VALUES.core.account.Get()

  profile = api.GetLoginProfile(account, project.name)
  known_keys = oslogin_utils.GetKeyDictionaryFromProfile(
      account, api, profile=profile)
  if not oslogin_utils.FindKeyInKeyList(public_key, known_keys):
    # Side effect: an unknown key is added to the account's profile. No
    # expiry is passed here; whether the imported key gets one depends on
    # ImportSshPublicKey -- confirm.
    profile = api.ImportSshPublicKey(account, public_key).loginProfile

  # Username choice: the requested user if the profile has it, otherwise the
  # 'primary' POSIX account, otherwise the first username seen.
  # NOTE(review): with an empty posixAccounts the loop never runs and
  # (None, True) is returned -- check that callers handle a None username.
  chosen = None
  for posix_account in profile.posixAccounts:
    if not chosen:
      chosen = posix_account.username
    if posix_account.username == requested_user:
      return requested_user, True
    if posix_account.primary:
      chosen = posix_account.username

  log.warning('Using OS Login user [{0}] instead of default user [{1}]'
              .format(chosen, requested_user))
  return chosen, True